Re: "Dropsafe" logs

[Jim Laverty <laverty () matrix-one com>]

Adaptec has a CD-R package that will allow you to use the CD-R as a write
once hard drive, without needing to do a one-time burn.

At 10:03 AM 4/8/99 +0000, Scott Crawford wrote:
> Greetings --
>
> (My mail agent crashed without having logged the send when I attempted to
send 
> this before and it hasn't shown up on the list yet, so this *should* be the 
> first time I'm posting this question, but apologies if not.)
>
> We are seeking a means to implement real-time write-once "dropsafe" logs
of our 
> firewall bastion in case of a system failure or a hacker trying to cover
their 
> tracks.  Unfortunately, unless there's an alternative I'm not aware of, a
CD-R 
> requires a complete disk image in ISO 9660 format to be burned into the 
> writeable disk all at once, which means we either have to wait until we have 
> nearly 640 MB of logfiles to write or waste an awful lot of writeable disk 
> space.  We have no operational experience with MO drives here, nor would
we want 
> to risk those models where write-once settings can be turned off in
software. 
> Sending output to a line printer is not an attractive option, nor is keeping 
> around a machine that would otherwise be junk just to monitor, for example, 
> serial line output from the bastion host and dump terminal sessions a few
kb at 
> a time to a permanent logfile.
>
> What are others doing to maintain real-time write-once copies of firewall
logs?  
> Is there write-once media to which data can be written in realtime (i.e.
like a 
> real filesystem)?
>
> AdTHANKSvance,
> Scott Crawford